Autonomous driving vehicle and driverless transportation system

ABSTRACT

When an autonomous driving vehicle picks a user up, a control device performs departure condition confirmation processing. The departure condition confirmation processing includes first authentication processing that performs authentication of the user outside the autonomous driving vehicle based on first authentication information, door lock release processing that releases a door lock in response to the completion of the first authentication processing, second authentication information provision processing that makes the user acquire second authentication information different from the first authentication information in response to the completion of the first authentication processing, second authentication processing that performs authentication of the user inside a vehicle cabin of the autonomous driving vehicle based on the second authentication information, and start permission processing that permits the start of the autonomous driving vehicle in a case where the second authentication processing is completed.

INCORPORATION BY REFERENCE

The disclosure of Japanese Patent Application No. 2017-162634 filed onAug. 25, 2017 including the specification, drawings and abstract isincorporated herein by reference in its entirety.

BACKGROUND 1. Technical Field

The present disclosure relates to an autonomous driving vehicle and adriverless transportation system that provide a driverlesstransportation service.

2. Description of Related Art

U.S. Pat. No. 9,547,309 discloses a transport arrangement system. In thetransport arrangement system, in a case where a transport request isreceived from a user, the type of vehicle arranged for the user isdetermined. For example, the transport arrangement system determineswhether or not to arrange an autonomous driving vehicle taking intoconsideration a destination designated by the transport request.

Japanese Unexamined Patent Application Publication No. 2016-115364 (JP2016-115364 A) discloses a vehicle allocation management system using anautonomous driving vehicle. In a case where a user performs memberregistration, a vehicle allocation management server stores firstinformation for authentication and second information for authenticationrelating to the user. In a case where a vehicle allocation request isreceived from the user, the vehicle allocation management servertransmits the first information for authentication to the autonomousdriving vehicle. The autonomous driving vehicle performs theauthentication of the user using the first information forauthentication. The autonomous driving vehicle receives the secondinformation for authentication from the user, and transmits the receivedsecond information for authentication to the vehicle allocationmanagement server. The vehicle allocation management server performs theauthentication of the user using the second information forauthentication, and notifies the autonomous driving vehicle of anauthentication result.

US 2016/0301698 A discloses an in-vehicle authentication system of anautonomous driving vehicle. The in-vehicle authentication systemdetermines ID information and the age of the user, the number of people,and the like as an authentication policy, and performs theauthentication of the user based on the authentication policy.

US 2017/0115125 A discloses an authentication method of a user in avehicle allocation service. A management system generates a codepeculiar for a position where a vehicle picks the user up. One of thevehicle and a user terminal emits a light signal based on the code, andthe other of the vehicle and the user terminal detects the light signalusing a camera.

U.S. Pat. No. 8,732,803 discloses a general two-stage authenticationmethod unrelated to a vehicle allocation service of an autonomousdriving vehicle.

SUMMARY

A driverless transportation service using an unmanned autonomous drivingvehicle is considered. In the driverless transportation service, theautonomous driving vehicle needs to automatically pick a user up.Specifically, the autonomous driving vehicle goes toward a pickupposition desired by the user. At the pickup position desired by theuser, the user gets in the autonomous driving vehicle. The autonomousdriving vehicle departs toward a destination.

When the autonomous driving vehicle picks the user up, the followingproblem may occur. For example, in a state where the user does not getin the autonomous driving vehicle, the autonomous driving vehicle maystart. Since the autonomous driving vehicle can be in an unmannedoperation, the autonomous driving vehicle may start without regard to anintention of the user or circumstances.

The disclosure provides a technique capable of restraining start of anautonomous driving vehicle in a state in which a user does not get inthe autonomous driving vehicle in a driverless transportation service.

A first aspect of the disclosure relates to an autonomous drivingvehicle that provides a driverless transportation service to a user. Theautonomous driving vehicle includes a first authentication informationacquisition device, a second authentication information acquisitiondevice, and a control device. The first authentication informationacquisition device is configured to acquire first authenticationinformation associated with the user from the user outside theautonomous driving vehicle. The second authentication informationacquisition device is configured to acquire second authenticationinformation from the user inside a vehicle cabin of the autonomousdriving vehicle. The control device is configured to control theautonomous driving vehicle. When the autonomous driving vehicle picksthe user up, the control device performs departure conditionconfirmation processing. The departure condition confirmation processingincludes first authentication processing that performs authentication ofthe user outside the autonomous driving vehicle based on the firstauthentication information acquired by the first authenticationinformation acquisition device, door lock release processing thatreleases a door lock of the autonomous driving vehicle in response tothe completion of the first authentication processing, secondauthentication information provision processing that makes the useracquire the second authentication information different from the firstauthentication information in response to the completion of the firstauthentication processing, second authentication processing thatperforms authentication of the user inside the vehicle cabin of theautonomous driving vehicle based on the second authenticationinformation acquired by the second authentication informationacquisition device, and start permission processing that permits thestart of the autonomous driving vehicle in a case where the secondauthentication processing is completed.

In the autonomous driving vehicle according to the first aspect of thedisclosure, in the second authentication information provisionprocessing, the control device may generate the second authenticationinformation and may provide the generated second authenticationinformation to a terminal of the user.

In the autonomous driving vehicle according to the first aspect of thedisclosure, in the second authentication information provisionprocessing, the control device may request a management server togenerate and provide the second authentication information and mayreceive the second authentication information generated by themanagement server from the management server. The second authenticationinformation generated by the management server may be provided from themanagement server to a terminal of the user.

In the autonomous driving vehicle according to the first aspect of thedisclosure, after the completion of the first authentication processing,in a case where the second authentication processing is not completedeven when a first predetermined time elapses, the control device mayprompt the user to perform an authentication operation for the secondauthentication processing.

In the autonomous driving vehicle according to the first aspect of thedisclosure, after the completion of the first authentication processing,in a case where the second authentication processing is not completedeven when a second predetermined time longer than the firstpredetermined time elapses, the control device may start charging to theuser authenticated by the first authentication processing.

A second aspect of the disclosure relates to a driverless transportationsystem that provides a driverless transportation service to a user. Thedriverless transportation system includes a management server and anautonomous driving vehicle.

The autonomous driving vehicle is configured to be able to communicatewith the management server. The autonomous driving vehicle includes afirst authentication information acquisition device and a secondauthentication information acquisition device. The first authenticationinformation acquisition device is configured to acquire firstauthentication information associated with the user from the useroutside the autonomous driving vehicle. The second authenticationinformation acquisition device is configured to acquire secondauthentication information from the user inside a vehicle cabin of theautonomous driving vehicle. When the autonomous driving vehicle picksthe user up, the autonomous driving vehicle performs departure conditionconfirmation processing. The departure condition confirmation processingincludes first authentication processing that performs authentication ofthe user outside the autonomous driving vehicle based on the firstauthentication information acquired by the first authenticationinformation acquisition device, door lock release processing thatreleases a door lock of the autonomous driving vehicle in response tothe completion of the first authentication processing, secondauthentication information provision processing that makes the useracquire the second authentication information different from the firstauthentication information in response to the completion of the firstauthentication processing, second authentication processing thatperforms authentication of the user inside the vehicle cabin of theautonomous driving vehicle based on the second authenticationinformation acquired by the second authentication informationacquisition device, and start permission processing that permits thestart of the autonomous driving vehicle in a case where the secondauthentication processing is completed.

In the driverless transportation system according to the second aspectof the disclosure, in the second authentication information provisionprocessing, the autonomous driving vehicle may generate the secondauthentication information and may provide the generated secondauthentication information to a terminal of the user.

In the driverless transportation system according to the second aspectof the disclosure, in the second authentication information provisionprocessing, the autonomous driving vehicle may request the managementserver to generate and provide the second authentication information.The management server may generate the second authentication informationand may provide the generated second authentication information to theautonomous driving vehicle and a terminal of the user.

In the driverless transportation system according to the second aspectof the disclosure, the management server may generate the firstauthentication information and may provide the generated firstauthentication information to the autonomous driving vehicle and aterminal of the user in response to a vehicle allocation request fromthe user.

In the driverless transportation system according to the second aspectof the disclosure, the first authentication information may beregistration information of the user that is registered in themanagement server in advance. The management server may provide theregistration information as the first authentication information to theautonomous driving vehicle in response to a vehicle allocation requestfrom the user.

According to the aspects of the disclosure, in the departure conditionconfirmation processing, the two-stage authentication processing isperformed. Specifically, the first authentication processing isperformed to the user outside the autonomous driving vehicle before therelease of the door lock. After the completion of the firstauthentication processing, the second authentication informationdifferent from the first authentication information is provided to theuser, and the second authentication processing is performed to the userinside the vehicle cabin of the autonomous driving vehicle. In a casewhere the second authentication processing is completed, the start ofthe autonomous driving vehicle is permitted.

With the first authentication processing before the release of the doorlock, another person other than the user who transmits the vehicleallocation request is restrained from getting in the autonomous drivingvehicle arrived at the pickup position without permission. With thesecond authentication processing, the autonomous driving vehicle isrestrained from starting in a state in which the user does not get inthe autonomous driving vehicle.

With the two-stage authentication processing, the following effect isalso obtained. For example, a case where another person who is maliciousacquires the first authentication information relating to the user in anunauthorized manner with means, such as hacking, is considered.According to the aspects of the disclosure, after the completion of thefirst authentication processing, the second authentication informationdifferent from the first authentication information is provided to theauthorized user, and the second authentication processing is performedbased on the second authentication information. Accordingly, even thoughanother person can acquire the first authentication information, anotherperson cannot pass the second authentication processing. That is, it isnot possible for another person to start the autonomous driving vehicle.

As described above, according to the aspects of the disclosure, it ispossible to restrain the start of the autonomous driving vehicle in astate in which the user who transmits the vehicle allocation requestdoes not get in the autonomous driving vehicle. That is, it is possibleto restrain the start of the autonomous driving vehicle unintended bythe user.

BRIEF DESCRIPTION OF THE DRAWINGS

Features, advantages, and technical and industrial significance ofexemplary embodiments of the disclosure will be described below withreference to the accompanying drawings, in which like numerals denotelike elements, and wherein:

FIG. 1 is a block diagram schematically showing the configuration of adriverless transportation system according to a first embodiment of thedisclosure;

FIG. 2 is a conceptual diagram illustrating departure conditionconfirmation processing in an autonomous driving vehicle according tothe first embodiment of the disclosure;

FIG. 3 is a block diagram showing a configuration example of theautonomous driving vehicle according to the first embodiment of thedisclosure;

FIG. 4 is a flowchart showing the departure condition confirmationprocessing in the autonomous driving vehicle according to the firstembodiment of the disclosure;

FIG. 5 is a conceptual diagram showing an example of a distributionmethod of first authentication information in a management serveraccording to the first embodiment of the disclosure;

FIG. 6 is a conceptual diagram showing another example of thedistribution method of the first authentication information in themanagement server according to the first embodiment of the disclosure;

FIG. 7 is a conceptual diagram showing an example of secondauthentication information provision processing according to the firstembodiment of the disclosure;

FIG. 8 is a conceptual diagram showing another example of the secondauthentication information provision processing according to the firstembodiment of the disclosure;

FIG. 9 is a flowchart showing second authentication processing accordingto a second embodiment of the disclosure; and

FIG. 10 is a flowchart showing second authentication processingaccording to a third embodiment of the disclosure.

DETAILED DESCRIPTION OF EMBODIMENTS

An embodiment of the disclosure will be described referring to theaccompanying drawings.

1. First Embodiment

1-1. Driverless Transportation System

FIG. 1 is a block diagram schematically showing the configuration of adriverless transportation system 1 according to a first embodiment ofthe disclosure. The driverless transportation system 1 provides adriverless transportation service to a user. The driverlesstransportation system 1 includes a user terminal 10, a management server20, and an autonomous driving vehicle 30.

The user terminal 10 is a terminal that is carried with the user of thedriverless transportation service. The user terminal 10 includes atleast a processor, a storage device, and a communication device, and canperform various kinds of information processing and communicationprocessing. For example, the user terminal 10 can communicate with themanagement server 20 and the autonomous driving vehicle 30 through acommunication network. As the user terminal 10, a smartphone isillustrated.

The management server 20 is a server that manages the driverlesstransportation service. The management server 20 includes at least aprocessor, a storage device, and a communication device, and can performvarious kinds of information processing and communication processing.For example, the management server 20 can communicate with the userterminal 10 and the autonomous driving vehicle 30 through thecommunication network. The management server 20 manages information ofthe user. The management server 20 manages vehicle allocation or thelike of the autonomous driving vehicle 30.

The autonomous driving vehicle 30 can be in an unmanned operation. Theuser gets in the autonomous driving vehicle 30, and the autonomousdriving vehicle 30 provides the driverless transportation service to theuser. The autonomous driving vehicle 30 can communicate with the userterminal 10 and the management server 20 through the communicationnetwork.

A basic flow of the driverless transportation service is as follows.

The user transmits a vehicle allocation request using the user terminal10. The vehicle allocation request includes a pickup position desired bythe user, or the like. The vehicle allocation request is sent to themanagement server 20 through the communication network. The managementserver 20 selects the autonomous driving vehicle 30 that provides theservice to the user and sends information of the vehicle allocationrequest to the selected autonomous driving vehicle 30. The autonomousdriving vehicle 30 that receives information of the vehicle allocationrequest automatically goes toward the pickup position desired by theuser.

The autonomous driving vehicle 30 arrives at the pickup position desiredby the user and is stopped. The user gets in the autonomous drivingvehicle 30. The user sends a destination to the autonomous drivingvehicle 30. Alternatively, information of the destination may beincluded in the vehicle allocation request. The autonomous drivingvehicle 30 automatically travels toward the destination. The autonomousdriving vehicle 30 arrives at the destination and is stopped. The usergets off the autonomous driving vehicle 30.

1-2. Outline of Departure Condition Confirmation Processing

When the autonomous driving vehicle 30 picks the user up in thedriverless transportation service, the following problem may occur. Forexample, the autonomous driving vehicle 30 may start without permissionwhile the user is loading a cargo in a trunk of the autonomous drivingvehicle 30. As another example, another person other than the user whotransmits the vehicle allocation request may get in the autonomousdriving vehicle 30 arrived at the pickup position without permission andmay start the autonomous driving vehicle 30.

As described above, in a state in which the user does not get in theautonomous driving vehicle 30, the autonomous driving vehicle 30 maystart. Since the autonomous driving vehicle 30 can be in an unmannedoperation, the autonomous driving vehicle 30 may start without regard toan intention of the user or circumstances. The user feels a sense ofdiscomfort or inconvenience with the unintended start described above.This causes degradation of reliability to the autonomous driving vehicle30 and the driverless transportation service.

According to the first embodiment of the disclosure, a “departurecondition” for permitting the start of the autonomous driving vehicle 30at the pickup position desired by the user is specified. Determinationis made whether or not the departure condition is satisfied before theautonomous driving vehicle 30 departs from the pickup position desiredby the user toward the destination. The start of the autonomous drivingvehicle 30 is prohibited until the departure condition is satisfied. Ina case where the departure condition is satisfied, the start of theautonomous driving vehicle 30 is permitted. The processing ishereinafter referred to as “departure condition confirmationprocessing”.

FIG. 2 is a conceptual diagram illustrating the departure conditionconfirmation processing in the autonomous driving vehicle 30 accordingto the first embodiment of the disclosure. According to the firstembodiment of the disclosure, the departure condition confirmationprocessing includes two-stage authentication processing. The two-stageauthentication processing is “first authentication processing” forperforming authentication of the user outside the autonomous drivingvehicle 30 and “second authentication processing” for performingauthentication of the user inside a vehicle cabin of the autonomousdriving vehicle 30.

In more detail, in a case where the autonomous driving vehicle 30arrives at the pickup position desired by the user, the autonomousdriving vehicle 30 performs the first authentication processing to theuser outside the autonomous driving vehicle 30. At this time, a door ofthe autonomous driving vehicle 30 is yet locked. In a case where thefirst authentication processing is completed, the autonomous drivingvehicle 30 releases a door lock. In a case where the door lock isreleased, the user gets in the autonomous driving vehicle 30.

Authentication information for use in the second authenticationprocessing is provided to the user terminal 10 transmitting the vehicleallocation request in response to the completion of the firstauthentication processing. A provision source of the authenticationinformation may be the autonomous driving vehicle 30 or may be themanagement server 20. The user gets in the autonomous driving vehicle 30and notifies the autonomous driving vehicle 30 of the authenticationinformation received by the user terminal 10. The autonomous drivingvehicle 30 performs the second authentication processing to the userinside the vehicle cabin of the autonomous driving vehicle 30 based onthe authentication information. In a case where the secondauthentication processing is completed, the start of the autonomousdriving vehicle 30 is permitted.

As described above, the departure condition in the first embodiment ofthe disclosure is that authentication of the user is completed in bothof the first authentication processing and the second authenticationprocessing. With the first authentication processing before the releaseof the door lock, another person other than the user who transmits thevehicle allocation request is restrained from getting in the autonomousdriving vehicle 30 arrived at the pickup position without permission.With the second authentication processing, the autonomous drivingvehicle 30 is restrained from starting in a state in which the user doesnot get in the autonomous driving vehicle 30.

Hereinafter, the configuration of the autonomous driving vehicle 30 andthe departure condition confirmation processing according to the firstembodiment of the disclosure will be described in detail.

1-3. Configuration Example of Autonomous Driving Vehicle

FIG. 3 is a block diagram showing a configuration example of theautonomous driving vehicle 30 according to the first embodiment of thedisclosure. The autonomous driving vehicle 30 includes a communicationdevice 40, a first authentication information acquisition device 50, asecond authentication information acquisition device 60, a travelingdevice 70, a human machine interface (HMI) unit 80, a door lock device90, and a control device 100.

The communication device 40 performs communication with the outside ofthe autonomous driving vehicle 30. Specifically, the communicationdevice 40 performs communication with the user terminal 10 through thecommunication network. The communication device 40 performscommunication with the management server 20 through the communicationnetwork.

The first authentication information acquisition device 50 acquiresauthentication information for use in the first authenticationprocessing from the user outside the autonomous driving vehicle 30. Theauthentication information for use in the first authenticationprocessing is hereinafter referred to as “first authenticationinformation”. The first authentication information is associated withthe user who transmits the vehicle allocation request.

For example, the first authentication information is provided to theuser in a format of a quick response (QR) code (Registered Trademark).In this case, the first authentication information acquisition device 50has a QR code reader that reads the QR code. The user displays the QRcode indicating the first authentication information on a display unitof the user terminal 10 and puts the display unit over the QR codereader. The first authentication information acquisition device 50 canacquire the first authentication information by reading the QR code.

As another example, the first authentication information may be apersonal identification number (PIN) code. In this case, the firstauthentication information acquisition device 50 has a communicationdevice that performs communication with the user terminal 10. The usertransmits the PIN code using the user terminal 10 and requests forauthentication. The first authentication information acquisition device50 receives the first authentication information (PIN code) sent fromthe user terminal 10.

As still another example, the first authentication information may bebiological information of the user. In this case, the firstauthentication information acquisition device 50 has a biologicalinformation reader that reads the biological information of the user.For example, a case where a “fingerprint” is used as the biologicalinformation of the user is considered. In this case, the firstauthentication information acquisition device 50 has a fingerprintreader. The user puts a finger over the fingerprint reader. The firstauthentication information acquisition device 50 reads fingerprintinformation of the user as the first authentication information.

As still another example, the first authentication information may berecorded in an integrated circuit (IC) card or a magnetic card carriedwith the user. In this case, the first authentication informationacquisition device 50 has a card reader (IC card reader or magnetic cardreader). The first authentication information acquisition device 50reads the first authentication information using the card reader.

The first authentication information acquisition device 50 is providedto be accessed from the outside of the autonomous driving vehicle 30.Typically, the first authentication information acquisition device 50 isprovided on the outer surface of the autonomous driving vehicle 30. Thefirst authentication information acquisition device 50 may be coveredwith a cover. Alternatively, in a case where the first authenticationinformation acquisition device 50 is a communication device, the firstauthentication information acquisition device 50 does not need to beprovided on the outer surface of the autonomous driving vehicle 30. Aslong as the first authentication information can be acquired from theuser outside the autonomous driving vehicle 30, the position where thefirst authentication information acquisition device 50 is provided isoptional.

The second authentication information acquisition device 60 acquiresauthentication information from the user inside the vehicle cabin of theautonomous driving vehicle 30. In order to acquire the authenticationinformation from the user inside the vehicle cabin of the autonomousdriving vehicle 30, the second authentication information acquisitiondevice 60 is provided inside the autonomous driving vehicle 30. Theauthentication information acquired by the second authenticationinformation acquisition device 60 is used in the second authenticationprocessing. The authentication information for use in the secondauthentication processing is hereinafter referred to as “secondauthentication information”.

For example, the second authentication information is provided to theuser in a format of a QR code. In this case, the second authenticationinformation acquisition device 60 has a QR code reader that reads the QRcode. The user displays the QR code indicating the second authenticationinformation on the display unit of the user terminal 10 and puts thedisplay unit over the QR code reader. The second authenticationinformation acquisition device 60 can acquire the second authenticationinformation by reading the QR code.

As another example, the second authentication information may be a PINcode. In this case, the second authentication information acquisitiondevice 60 has a communication device that performs communication withthe user terminal 10. The user transmits the PIN code using the userterminal 10 and requests for authentication. The second authenticationinformation acquisition device 60 receives the second authenticationinformation (PIN code) sent from the user terminal 10. As acommunication system in this case, a communication system (for example:Wi-Fi) in which an effective communication distance is limited to theinside of the autonomous driving vehicle 30 is used. This is to restrainthe second authentication information from being received from the useroutside the autonomous driving vehicle 30 in the second authenticationprocessing.

The traveling device 70 includes a steering device, a drive device, anda braking device. The steering device steers wheels. The drive device isa power source that generates drive power. As the drive device, anelectric motor or an engine is illustrated. The braking device generatesbraking force.

The HMI unit 80 is an interface that notifies the user of informationand receives information from the user. For example, the HMI unit 80includes a display device, a speaker, an input device, and a microphone.The HMI unit 80 can notify the user of various kinds of informationthrough the display device or the speaker. As the input device, a touchpanel, a switch, or a button is illustrated. The user can input variouskinds of information to the HMI unit 80 using the input device or themicrophone.

The door lock device 90 locks the door of the autonomous driving vehicle30 or releases the door lock.

The control device 100 controls the autonomous driving vehicle 30. Inparticular, the control device 100 controls the driverlesstransportation service with the autonomous driving vehicle 30. Forexample, the control device 100 performs control such that the travelingdevice 70 controls traveling of the autonomous driving vehicle 30.Typically, the control device 100 is a microcomputer including aprocessor, a memory, and an input/output interface. The control device100 is also referred to as an electronic control unit (ECU).

1-4. Departure Condition Confirmation Processing

When the autonomous driving vehicle 30 picks the user up, the controldevice 100 performs the departure condition confirmation processing fordetermining whether or not the departure condition is satisfied. Asshown in FIG. 2, the departure condition is that authentication of theuser is completed in both of the first authentication processing and thesecond authentication processing. The control device 100 prohibits thestart of the autonomous driving vehicle 30 until the departure conditionis satisfied. In a case where the departure condition is satisfied, thecontrol device 100 permits the start of the autonomous driving vehicle30.

FIG. 4 is a flowchart showing the departure condition confirmationprocessing in the control device 100 of the autonomous driving vehicle30 according to the first embodiment of the disclosure. Hereinafter, thedeparture condition confirmation processing according to the firstembodiment of the disclosure will be described in detail.

1-4-1. User Information Acquisition Processing (Step S100)

The control device 100 acquires user information from the managementserver 20 through the communication device 40. The user information isinformation relating to the user who is picked up by the autonomousdriving vehicle 30, and includes, for example, the pickup positiondesired by the user. The first authentication information for use in thefirst authentication processing is also included in the userinformation.

FIG. 5 shows an example of a distribution method of the firstauthentication information with the management server 20 according tothe first embodiment of the disclosure. The user sends the vehicleallocation request to the management server 20 using the user terminal10 (Step S111). The management server 20 generates the firstauthentication information associated with the user in response to thevehicle allocation request (Step S121). The management server 20provides the generated first authentication information to the userterminal 10 and the autonomous driving vehicle 30 (Step S122). Thecontrol device 100 of the autonomous driving vehicle 30 receives thefirst authentication information from the management server 20 throughthe communication device 40 (Step S131). The user terminal 10 receivesthe first authentication information from the management server 20 (StepS112). For example, the first authentication information is provided tothe user terminal 10 in a format of a QR code or a PIN code.

FIG. 6 shows another example of the distribution method of the firstauthentication information with the management server 20 according tothe first embodiment of the disclosure. In the example shown in FIG. 6,at least a part of the registration information of the user registeredin the management server 20 in advance is used as the firstauthentication information. For example, biological information (forexample: fingerprint) of the user is registered as the registrationinformation and is used as the first authentication information.Alternatively, membership information of the user may be used as thefirst authentication information.

In more detail, the user performs a user registration application usingthe user terminal 10 (Step S10). The management server 20 performs userregistration processing (Step S20). The registration information of theuser is registered (stored) in the management server 20 in advance.Thereafter, the user sends the vehicle allocation request to themanagement server 20 using the user terminal 10 (Step S111). Themanagement server 20 acquires at least a part of the registrationinformation of the user as the first authentication information inresponse to the vehicle allocation request (Step S123). The managementserver 20 provides the acquired first authentication information to theautonomous driving vehicle 30 (Step S124). The control device 100 of theautonomous driving vehicle 30 receives the first authenticationinformation from the management server 20 through the communicationdevice 40 (Step S131). In the first embodiment of the disclosure, thefirst authentication information does not need to be provided from themanagement server 20 to the user terminal 10.

1-4-2. First Authentication Processing (Step S200)

In a case where the autonomous driving vehicle 30 arrives at the pickupposition desired by the user, the control device 100 performs the firstauthentication processing. In the first authentication processing, thecontrol device 100 performs authentication of the user outside theautonomous driving vehicle 30. For authentication, the control device100 acquires the first authentication information from the user outsidethe autonomous driving vehicle 30 using the above-described firstauthentication information acquisition device 50.

For example, the user displays a QR code indicating the firstauthentication information on the display unit of the user terminal 10and puts the display unit over the first authentication informationacquisition device 50 (QR code reader). The first authenticationinformation acquisition device 50 acquires the first authenticationinformation by reading the QR code.

As another example, the user transmits a PIN code indicating the firstauthentication information using the user terminal 10. The firstauthentication information acquisition device 50 (communication device)receives the first authentication information (PIN code) sent from theuser terminal 10.

In still another example, the first authentication information is afingerprint of the user. In this case, the user puts the finger over thefirst authentication information acquisition device 50 (fingerprintreader). The first authentication information acquisition device 50reads fingerprint information of the user as the first authenticationinformation.

In still another example, the first authentication information isrecorded in an IC card or a magnetic card carried with the user. Theuser makes the first authentication information acquisition device 50(card reader) read the first authentication information recorded in theIC card or the magnetic card.

The control device 100 performs authentication of the user based on thefirst authentication information acquired from the management server 20in Step S100 and the first authentication information acquired from theuser using the first authentication information acquisition device 50.In a case where authentication of the user is successful, the firstauthentication processing is completed. In a case where the firstauthentication processing is completed, the process progresses to nextSteps S300 and S400.

1-4-3. Door Lock Release Processing (Step S300)

The control device 100 performs door lock release processing in responseto the completion of the first authentication processing. Specifically,the control device 100 performs control such that the door lock device90 releases the door lock of the autonomous driving vehicle 30. In acase where the door lock is released, the user gets in the autonomousdriving vehicle 30.

1-4-4. Second Authentication Information Provision Processing (StepS400)

The control device 100 performs second authentication informationprovision processing in response to the completion of the firstauthentication processing. In the second authentication informationprovision processing, the control device 100 makes the user who sendsthe vehicle allocation request acquire the second authenticationinformation for use in the second authentication processing. Forexample, the second authentication information is provided to the userterminal 10 in a format of a QR code or a PIN code.

FIG. 7 shows an example of the second authentication informationprovision processing (Step S400) according to the first embodiment ofthe disclosure. The control device 100 of the autonomous driving vehicle30 generates the second authentication information (Step S431). Thecontrol device 100 provides the generated second authenticationinformation to the user terminal 10 (Step S432). For example, thecontrol device 100 transmits the second authentication information tothe user terminal 10 using the communication device 40. Alternatively,the control device 100 may transmit the second authenticationinformation to the management server 20 using the communication device40, and the management server 20 may transfer the second authenticationinformation to the user terminal 10. That is, the control device 100 mayprovide the second authentication information to the user terminal 10through the management server 20. The user terminal 10 receives thesecond authentication information (Step S411).

FIG. 8 shows another example of the second authentication informationprovision processing (Step S400) according to the first embodiment ofthe disclosure. The control device 100 of the autonomous driving vehicle30 sends a second authentication information generation request to themanagement server 20 using the communication device 40 (Step S433). Thesecond authentication information generation request is information forrequesting the management server 20 to generate and provide the secondauthentication information. The management server 20 generates thesecond authentication information in response to the secondauthentication information generation request (Step S421). Themanagement server 20 provides the generated second authenticationinformation to the user terminal 10 and the autonomous driving vehicle30 (Step S422). The control device 100 of the autonomous driving vehicle30 receives the second authentication information from the managementserver 20 through the communication device 40 (Step S434). The userterminal 10 receives the second authentication information from themanagement server 20 (Step S412).

In the first embodiment of the disclosure, the second authenticationinformation for use in the second authentication processing is differentfrom the first authentication information for use in the firstauthentication processing. In the specification, the term “different”means that types are different or the types are identical but contentsare different.

The sequence of Steps S300 and S400 is optional. In a case where StepsS300 and S400 are completed, the process progresses to next Step S500.

1-4-5. Second Authentication Processing (Step S500)

The control device 100 performs the second authentication processing. Inthe second authentication processing, the control device 100 performsauthentication of the user (that is, the user who gets in the autonomousdriving vehicle 30) inside the vehicle cabin of the autonomous drivingvehicle 30. In order to perform authentication of the user inside thevehicle cabin of the autonomous driving vehicle 30, the control device100 acquires the second authentication information from the user insidethe vehicle cabin of the autonomous driving vehicle 30 using theabove-described second authentication information acquisition device 60.

For example, the user displays a QR code indicating the secondauthentication information on the display unit of the user terminal 10and puts the display unit over the second authentication informationacquisition device 60 (QR code reader). The second authenticationinformation acquisition device 60 acquires the second authenticationinformation by reading the QR code.

As another example, the user transmits a PIN code indicating the secondauthentication information using the user terminal 10. The secondauthentication information acquisition device 60 (communication device)receives the second authentication information (PIN code) sent from theuser terminal 10.

The control device 100 performs authentication of the user based on thesecond authentication information generated or acquired in Step S400 andthe second authentication information acquired from the user using thesecond authentication information acquisition device 60. In a case whereauthentication of the user is successful, the second authenticationprocessing is completed. In a case where the second authenticationprocessing is completed, the process progresses to next Step S600.

1-4-6. Start Permission Processing (Step S600)

In a case where the second authentication processing is completed, thecontrol device 100 permits the start of the autonomous driving vehicle30. In this case, the control device 100 may perform control such thatthe door lock device 90 automatically locks the door of the autonomousdriving vehicle 30. Thereafter, the control device 100 performs controlsuch that the traveling device 70 starts the autonomous driving vehicle30. The autonomous driving vehicle 30 travels from the pickup positiondesired by the user toward the destination.

1-5. Effects

As described above, according to the first embodiment of the disclosure,in the departure condition confirmation processing, the two-stageauthentication processing is performed. Specifically, the firstauthentication processing is performed to the user outside theautonomous driving vehicle 30 before the release of the door lock. Afterthe completion of the first authentication processing, the secondauthentication information different from the first authenticationinformation is provided to the user, and the second authenticationprocessing is performed to the user inside the vehicle cabin of theautonomous driving vehicle 30. In a case where the second authenticationprocessing is completed, the start of the autonomous driving vehicle 30is permitted.

With the first authentication processing before the release of the doorlock, another person other than the user who transmits the vehicleallocation request is restrained from getting in the autonomous drivingvehicle 30 arrived at the pickup position without permission. With thesecond authentication processing, the autonomous driving vehicle 30 isrestrained from starting in a state in which the user does not get inthe autonomous driving vehicle 30. For example, the autonomous drivingvehicle 30 is restrained from starting without permission while the useris loading a cargo in a trunk of the autonomous driving vehicle 30.

With the two-stage authentication processing, the following effect isalso obtained. For example, a case where another person who is maliciousacquires the first authentication information of the user in anunauthorized manner with means, such as hacking, is considered.According to the first embodiment of the disclosure, after thecompletion of the first authentication processing, the secondauthentication information different from the first authenticationinformation is provided to the authorized user, and the secondauthentication processing is performed based on the secondauthentication information. Accordingly, for example, even thoughanother person can acquire the first authentication information, anotherperson cannot pass the second authentication processing. That is, it isnot possible for another person to start the autonomous driving vehicle30.

As described above, according to the first embodiment of the disclosure,it is possible to restrain the start of the autonomous driving vehicle30 in a state in which the user who transmits the vehicle allocationrequest does not get in the autonomous driving vehicle 30. That is, itis possible to restrain the start of the autonomous driving vehicle 30unintended by the user. Accordingly, a sense of discomfort orinconvenience imposed on the user is reduced. This contribute toimprovement of reliability to the autonomous driving vehicle 30 and thedriverless transportation service.

2. Second Embodiment

In a second embodiment of the disclosure, the autonomous driving vehicle30 prompts the user to perform an authentication operation (for example,put a QR code) for the second authentication processing as needed.Others are the same as those in the first embodiment. Descriptionoverlapping the first embodiment is appropriately omitted.

FIG. 9 is a flowchart showing second authentication processing (StepS500) according to the second embodiment of the disclosure. The controldevice 100 of the autonomous driving vehicle 30 determines whether ornot the second authentication processing is completed (Step S510). In acase where the second authentication processing is completed (Step S510;Yes), Step S500 ends. In a case where the second authenticationprocessing is not completed (Step S510; No), the process progresses toStep S520.

The control device 100 measures an elapsed time after the firstauthentication processing (Step S200) is completed. In Step S520, thecontrol device 100 determines whether or not the elapsed time reachespredetermined time T1. In a case where the elapsed time does not reachpredetermined time T1 (Step S520; No), the process returns to Step S510.In a case where the elapsed time reaches predetermined time T1 (StepS520; Yes), the process progresses to Step S530.

In Step S530, the control device 100 prompts the user to perform anauthentication operation using the HMI unit 80. For example, the controldevice 100 outputs voice guidance, “please make an authenticationoperation”, using the speaker of the HMI unit 80. The control device 100may display a message, “please make an authentication operation”, on thedisplay device of the HMI unit 80. The control device 100 may inform theuser a method of an authentication operation. Thereafter, the processreturns to Step S510.

As described above, according to the second embodiment of thedisclosure, after the completion of the first authentication processing,in a case where the second authentication processing is not completedeven when predetermined time T1 elapses, the execution of theauthentication operation is prompted. With this, the autonomous drivingvehicle 30 does not stay at the pickup position for a long timeneedlessly and is expected to start early. This results in reduction(improvement of a turnover rate) of a time on duty of the autonomousdriving vehicle 30, and is preferable for a provider who provides thedriverless transportation service.

3. Third Embodiment

A third embodiment of the disclosure is a modification of the secondembodiment. Description overlapping the first embodiment and the secondembodiment is appropriately omitted.

FIG. 10 is a flowchart showing second authentication processing (StepS500) according to the third embodiment of the disclosure. Steps S510 toS530 are the same as those in the second embodiment. After Step S530,the process progresses to Step S540.

In Step S540, the control device 100 determines whether or not theelapsed time after the completion of the first authentication processingreaches predetermined time T2. Predetermined time T2 is longer thanpredetermined time T1. In a case where the elapsed time does not reachpredetermined time T2 (Step S540; No), the process returns to Step S510.In a case where the elapsed time reaches predetermined time T2 (StepS540; Yes), the control device 100 starts charging to the userauthenticated by the first authentication processing (Step S550).Thereafter, the processing flow shown in FIG. 9 is continued.

Before charging starts, the control device 100 may notify the user that“charging starts” using the HMI unit 80.

In determination about whether or not to start charging, the supply anddemand of the autonomous driving vehicle 30 may be taken intoconsideration. For example, charging may start solely when demandexceeds supply. The autonomous driving vehicle 30 acquires informationrelating to supply and demand from the management server 20. Themanagement server 20 can predict supply and demand from a past trend orthe like.

A condition for starting charging may be determined based on the numberof vehicles, the number of vehicles that can be currently allocated, aroute plane of a vehicle that is currently traveling, a destinationarrival time, or the like.

As described above, according to the third embodiment of the disclosure,after the completion of the first authentication processing, in a casewhere the second authentication processing is not completed even whenpredetermined time T2 elapses, charging to the user starts. Accordingly,an effect of reduction (improvement of a turnover rate) of the time onduty of the autonomous driving vehicle 30 is expected to be furtherenhanced. This is preferable for a provider who provides a driverlesstransportation service.

Although the embodiment of the disclosure has been described above indetail, the disclosure is not limited to the above-described embodiment,and various modifications or alterations may be made without departingfrom the spirit and scope of the disclosure described in the claims.

What is claimed is:
 1. An autonomous driving vehicle that provides adriverless transportation service to a user, the autonomous drivingvehicle comprising: a first authentication information acquisitiondevice provided on an outer surface of the autonomous driving vehicle,the first authentication device configured to acquire firstauthentication information from the user while the user is outside ofthe autonomous driving vehicle, the first authentication informationbeing registered in association with the user in advance andcorresponding to at least one of biological information, or IntegratedCircuit (IC) information of a terminal of the user; a secondauthentication information acquisition device provided inside of theautonomous driving vehicle, the second authentication informationacquisition device configured to acquire second authenticationinformation from the user inside of a vehicle cabin of the autonomousdriving vehicle; and a control device configured to control theautonomous driving vehicle, wherein: when the autonomous driving vehiclepicks the user up, the control device performs departure conditionconfirmation processing; and the departure condition confirmationprocessing includes first authentication processing that performsauthentication of the user outside of the autonomous driving vehiclebased on the first authentication information acquired by the firstauthentication information acquisition device, door lock releaseprocessing that releases a door lock of the autonomous driving vehiclein response to a completion of the first authentication processing,second authentication information provision processing that, in responseto the completion of the first authentication processing, causes thesecond authentication information to be generated and transmitted to theterminal of the user, the second authentication information beingdifferent from the first authentication information, secondauthentication processing that performs authentication of the userinside of the vehicle cabin of the autonomous driving vehicle based onthe second authentication information acquired by the secondauthentication information acquisition device, and start permissionprocessing that permits the start of the autonomous driving vehicle in acase where the second authentication processing is completed.
 2. Theautonomous driving vehicle according to claim 1, wherein, in the secondauthentication information provision processing, the control devicegenerates the second authentication information and transmits thegenerated second authentication information to the terminal of the user.3. The autonomous driving vehicle according to claim 1, wherein, in thesecond authentication information provision processing, the controldevice requests a management server to generate and transmit the secondauthentication information to the terminal of the user and to thecontrol device, and receives the second authentication informationgenerated by the management server from the management server, and thesecond authentication information generated by the management server istransmitted from the management server to the terminal of the user. 4.The autonomous driving vehicle according to claim 1, wherein, after thecompletion of the first authentication processing, in a case where thesecond authentication processing is not completed even when a firstpredetermined time elapses, the control device prompts the user toperform an authentication operation for the second authenticationprocessing.
 5. The autonomous driving vehicle according to claim 4,wherein, after the completion of the first authentication processing, ina case where the second authentication processing is not completed evenwhen a second predetermined time longer than the first predeterminedtime elapses, the control device notifies the user that charging willstart and starts charging to the user authenticated by the firstauthentication processing.
 6. The autonomous driving vehicle accordingto claim 1, wherein the first authentication information is thebiological information.
 7. The autonomous driving vehicle according toclaim 6, wherein the first authentication information is fingerprintinformation.
 8. The autonomous driving vehicle according to claim 1,wherein the second authentication information is a quick response (QR)code or a pin code.
 9. The autonomous driving vehicle according to claim1, wherein the second authentication information is different from eachof the biological information, and the IC information.
 10. A driverlesstransportation system that provides a driverless transportation serviceto a user, the driverless transportation system comprising: a managementserver; and an autonomous driving vehicle configured to be able tocommunicate with the management server, wherein: the autonomous drivingvehicle includes a first authentication information acquisition deviceprovided on an outer surface of the autonomous driving vehicle, thefirst authentication device configured to acquire first authenticationinformation from the user while the user is outside of the autonomousdriving vehicle, the first authentication information being registeredin association with the user in advance and corresponding to at leastone of biological information, or Integrated Circuit (IC) information ofa terminal of the user, and a second authentication informationacquisition device provided inside of the autonomous driving vehicle,the second authentication information acquisition device configured toacquire second authentication information from the user inside of avehicle cabin of the autonomous driving vehicle; when the autonomousdriving vehicle picks the user up, the autonomous driving vehicleperforms departure condition confirmation processing; and the departurecondition confirmation processing includes first authenticationprocessing that performs authentication of the user outside of theautonomous driving vehicle based on the first authentication informationacquired by the first authentication information acquisition device,door lock release processing that releases a door lock of the autonomousdriving vehicle in response to a completion of the first authenticationprocessing, second authentication information provision processing that,in response to the completion of the first authentication processing,causes the second authentication information to be generated andtransmitted to the terminal of the user, the second authenticationinformation being different from the first authentication information,second authentication processing that performs authentication of theuser inside the vehicle cabin of the autonomous driving vehicle based onthe second authentication information acquired by the secondauthentication information acquisition device, and start permissionprocessing that permits the start of the autonomous driving vehicle in acase where the second authentication processing is completed.
 11. Thedriverless transportation system according to claim 10, wherein, in thesecond authentication information provision processing, the autonomousdriving vehicle generates the second authentication information andtransmits the generated second authentication information to thes-terminal of the user.
 12. The driverless transportation systemaccording to claim 10, wherein, in the second authentication informationprovision processing, the autonomous driving vehicle requests themanagement server to generate and transmit the second authenticationinformation to the terminal of the user and to the autonomous drivingvehicle, and the management server generates the second authenticationinformation and transmits the generated second authenticationinformation to the autonomous driving vehicle and the terminal of theuser.
 13. The driverless transportation system according to claim 10,wherein the management server generates the first authenticationinformation and transmits the generated first authentication informationto the autonomous driving vehicle and the terminal of the user inresponse to receiving a vehicle allocation request from the user. 14.The driverless transportation system according to claim 10, wherein thefirst authentication information is included in the registrationinformation of the user that is registered in the management server inadvance, and the management server transmits the registrationinformation as the first authentication information to the autonomousdriving vehicle in response to receiving a vehicle allocation requestfrom the user.